Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-5454-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.845390

Categoría: Ubuntu Local Security Checks

Título: Ubuntu: Security Advisory (USN-5454-1)

Resumen: The remote host is missing an update for the 'cups' package(s) announced via the USN-5454-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'cups' package(s) announced via the USN-5454-1 advisory.

Vulnerability Insight:
Joshua Mason discovered that CUPS incorrectly handled the secret key used
to access the administrative web interface. A remote attacker could
possibly use this issue to open a session as an administrator and execute
arbitrary code. (CVE-2022-26691)

It was discovered that CUPS incorrectly handled certain memory operations
when handling IPP printing. A remote attacker could possibly use this issue
to cause CUPS to crash, leading to a denial of service, or obtain sensitive
information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04
LTS. (CVE-2019-8842, CVE-2020-10001)

Affected Software/OS:
'cups' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 21.10, Ubuntu 22.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-8842
https://support.apple.com/en-us/HT210788
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2020-10001
https://support.apple.com/en-us/HT212011
https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-26691
Debian Security Information: DSA-5149 (Google Search)
https://www.debian.org/security/2022/dsa-5149
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/
https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md
https://support.apple.com/en-us/HT213183
https://support.apple.com/en-us/HT213184
https://support.apple.com/en-us/HT213185
https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.845390
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu: Security Advisory (USN-5454-1)
Resumen:	The remote host is missing an update for the 'cups' package(s) announced via the USN-5454-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cups' package(s) announced via the USN-5454-1 advisory. Vulnerability Insight: Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code. (CVE-2022-26691) It was discovered that CUPS incorrectly handled certain memory operations when handling IPP printing. A remote attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-8842, CVE-2020-10001) Affected Software/OS: 'cups' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 21.10, Ubuntu 22.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-8842 https://support.apple.com/en-us/HT210788 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2020-10001 https://support.apple.com/en-us/HT212011 https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html Common Vulnerability Exposure (CVE) ID: CVE-2022-26691 Debian Security Information: DSA-5149 (Google Search) https://www.debian.org/security/2022/dsa-5149 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/ https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213184 https://support.apple.com/en-us/HT213185 https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html
Copyright	Copyright (C) 2022 Greenbone AG